Bugzilla – Attachment 2148 Details for
Bug 2003
[mux.c] fix memory leaks when new session message is malformed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch fixing memory leak
0001-mux.c-fix-memory-leaks-when-new-session-message-is-m.patch (text/plain), 2.21 KB, created by
Bert Wesarg
on 2012-05-03 04:10:07 AEST
(
hide
)
Description:
Patch fixing memory leak
Filename:
MIME Type:
Creator:
Bert Wesarg
Created:
2012-05-03 04:10:07 AEST
Size:
2.21 KB
patch
obsolete
>From 020b9215cf98a575275f0c413483d32df1bff79e Mon Sep 17 00:00:00 2001 >Message-Id: <020b9215cf98a575275f0c413483d32df1bff79e.1335979377.git.bert.wesarg@googlemail.com> >From: Bert Wesarg <bert.wesarg@googlemail.com> >Date: Tue, 1 May 2012 21:32:13 +0200 >Subject: [PATCH] [mux.c] fix memory leaks when new session message is malformed > >The malf: exception block is also used when extracting the environments >for the new session, therefor we need also to free those if it fails. > >Also free the context object in two cleanup blocks. > >--- > mux.c | 10 ++++++++-- > 1 files changed, 8 insertions(+), 2 deletions(-) > >diff --git a/mux.c b/mux.c >index d90605e..626db51 100644 >--- a/mux.c >+++ b/mux.c >@@ -314,10 +314,12 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) > /* Reply for SSHMUX_COMMAND_OPEN */ > cctx = xcalloc(1, sizeof(*cctx)); > cctx->term = NULL; > cctx->rid = rid; > cmd = reserved = NULL; >+ cctx->env = NULL; >+ env_len = 0; > if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || > buffer_get_int_ret(&cctx->want_tty, m) != 0 || > buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 || > buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 || > buffer_get_int_ret(&cctx->want_subsys, m) != 0 || >@@ -327,20 +329,23 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) > malf: > if (cmd != NULL) > xfree(cmd); > if (reserved != NULL) > xfree(reserved); >+ for (j = 0; j < env_len; j++) >+ xfree(cctx->env[j]); >+ if (env_len > 0) >+ xfree(cctx->env); > if (cctx->term != NULL) > xfree(cctx->term); >+ xfree(cctx); > error("%s: malformed message", __func__); > return -1; > } > xfree(reserved); > reserved = NULL; > >- cctx->env = NULL; >- env_len = 0; > while (buffer_len(m) > 0) { > #define MUX_MAX_ENV_VARS 4096 > if ((cp = buffer_get_string_ret(m, &len)) == NULL) > goto malf; > if (!env_permitted(cp)) { >@@ -411,10 +416,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) > for (i = 0; i < env_len; i++) > xfree(cctx->env[i]); > xfree(cctx->env); > } > buffer_free(&cctx->cmd); >+ xfree(cctx); > return 0; > } > > if (options.control_master == SSHCTL_MASTER_ASK || > options.control_master == SSHCTL_MASTER_AUTO_ASK) { >-- >1.7.9.rc0.542.g07ca1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2148">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2003
: 2148